Managing Smartphone Encryption: Rehashing Myths.

The folks over at have commented on the latest smartphone security debacle – namely, the turning on of smartphone disk encryption by default – and the complaints from law enforcement over this decision.  Befitting the nature of the site, notes why law enforcement is wrong to raise the alarm, and how some well-meaning people have bought into the arguments because they don’t know better.

Encryption Wars Redux

What’s probably most frustrating to people who are opposing the government’s stance is that we’ve all been here before.  The encryption wars of the 1990s, where the government tried to rein in the use of cryptographic tools, covered the same arguments that are being made today, and led to the logical conclusion that backdoors should be anathema to everyone – including the government.

The government’s requirement that a backdoor be installed on security solutions for law enforcement is beyond the pale because it can’t be guaranteed that only the government will be able to use it.

Think about it.  Think about all the data breaches we’ve seen and heard of where hackers from Russia, or some Baltic state, or China, or wherever compromised the security of banking giants (who purportedly use the latest technology in security and hire the brightest), or the security of some government agency (including the military), or even the leading tech companies like Google.

Granted, in these cases, it wasn’t really a backdoor that was manipulated – there aren’t any backdoors, as far as I know – but bugs, security holes, and other weaknesses.  From a technical standpoint, however, there is no difference between these weaknesses and a backdoor, although there is a difference in terms of policy or intent: a backdoor is put there on purpose.

In other words, a backdoor is a weakness you plant on purpose.  That’s it; nothing more, nothing less.  And while the government can promise to only use it in accordance with the law, what it cannot do is promise that everyone else who finds this backdoor will stick by that promise.

Or, as the authors at put it more eloquently:

So the next time a law enforcement official demands that Apple and Google put backdoors back into their products, remember what they’re really demanding: that everyone’s security be sacrificed in order to make their jobs marginally easier. Given that decreased security is only one of several problems raised by the prospect of cryptography regulation, you should ask yourself: Is that trade worth making?

It’s like that Refrigerator Joke

This latest fight over encryption reminds me of that observation, that a person will open the fridge, late at night, looking for something to munch on.  He (or she – but usually he) finds nothing to his liking and closes the refrigerator door.  He then comes back 5 minutes later and opens it again, eyeing the contents again, then closes the door; and then comes back again… despite the fact that nothing has changed.

Likewise with encryption and the argument for a backdoor.  Nothing has fundamentally changed in terms of the argument against encryption (and hence the need for a backdoor), while the arguments for the use of encryption have increased dramatically.
